Netgate Discussion Forum

    Issue with the ability to ping

      dpettigr

      Hello, I have an SG-3100 installed at a customer location and they need to be able to ping powerdmslocal.com and have it respond on 127.0.0.1. Somewhere it is getting blocked. I have tried port forwarding based on the ports that have been supplied but I haven't had any luck, so I am reaching out here.

        Rico LAYER 8 Rebel Alliance

        Maybe it's me but I don't get what you are trying to do...

        -Rico

          dpettigr

          So they use a program that needs to access powerdmslocal.com, but when I ping it from a machine not behind a firewall, it returns 127.0.0.1; however, if they are behind the pfSense, it doesn't find the host.

            johnpoz LAYER 8 Global Moderator

            ;; QUESTION SECTION:
            ;powerdmslocal.com.             IN      A
            
            ;; ANSWER SECTION:
            powerdmslocal.com.      3599    IN      A       127.0.0.1
            

            On the public internet it returns 127.0.0.1. If you ask pfSense for that, which pfSense is either resolving or forwarding to something, it would be a rebind, and you would get no response.

            You can either create a host override in pfsense to return that for devices behind pfsense using pfsense as dns.

            Or you set it as a private domain, so pfsense will allow such a response.

            https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html

            Pick which one you want to do
            [Image: pickone.png]

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              dpettigr @johnpoz

              @johnpoz exactly what I needed... thank you so much!

                dpettigr

                OK, so I guess this wasn't exactly what I needed. I need to add *.powerdmslocal.com but it won't allow me to add the * in front of the domain. Is there a way around this?

                Thanks so much for the help!

                  johnpoz LAYER 8 Global Moderator

                  You want a wildcard. You can do that with redirect.

                  But I take it you didn't set private domain, because private domain would return anything on the public internet, be it RFC 1918 or not. And they already have a wildcard set, so if you query whatever.powerdmslocal.com it comes back 127.0.0.1.

                  Just set it as private - my first example vs host override.

                  But if you want to set it all local you can do it with a redirect

                  server:
                  local-zone: "powerdmslocal.com" redirect
                  local-data: "powerdmslocal.com 3600 IN A 127.0.0.1"
                  

                    dpettigr

                    So I am kind of a noob and have only done GUI stuff :-) Can you point me in the right direction?

                      johnpoz LAYER 8 Global Moderator

                      In the resolver GUI, go to the options box and put in the private-domain I showed above.

                      [Image: private.png]

                      Or if you want it to all stay local and not actually send forwards or queries upstream, set it to redirect.

                      server:
                      local-zone: "powerdmslocal.com" redirect
                      local-data: "powerdmslocal.com 3600 IN A 127.0.0.1"
                      

                      The private-domain is the cleaner option in this case, since that resolves on the public that way.

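A small model of the rebinding check discussed in this thread, added here as an example (it is not pfSense or Unbound code): private addresses are stripped from an answer unless the queried name falls under a private-domain entry, which also covers every subdomain. The address ranges, function names and sample answers are assumptions made for the sketch.

```python
import ipaddress

# Assumed private ranges for this sketch (loopback, RFC 1918, link-local,
# IPv6 ULA/link-local); the list a given resolver ships with may differ.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10",
)]


def is_private(addr):
    """True if addr falls inside one of the assumed private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def in_domain(qname, domain):
    """True if qname equals domain or is a subdomain of it, compared by label."""
    q = qname.rstrip(".").lower().split(".")
    d = domain.rstrip(".").lower().split(".")
    return len(q) >= len(d) and q[-len(d):] == d


def filter_answer(qname, addresses, private_domains=()):
    """Return the addresses a rebinding-protected resolver would pass on.

    Models the effect of Unbound's `private-domain: "powerdmslocal.com"`:
    names under a listed domain may carry private addresses.
    """
    if any(in_domain(qname, d) for d in private_domains):
        return list(addresses)
    return [a for a in addresses if not is_private(a)]


# Constructed sample answers, modelled on the dig output quoted in the thread.
SAMPLES = [
    ("powerdmslocal.com", ["127.0.0.1"]),
    ("whatever.powerdmslocal.com", ["127.0.0.1"]),
    ("notpowerdmslocal.com", ["127.0.0.1"]),   # look-alike, must not match
    ("example.org", ["203.0.113.7", "192.168.1.10"]),
]

if __name__ == "__main__":
    for label, pd in (("default", ()), ("private-domain set", ("powerdmslocal.com",))):
        print(label)
        for qname, addrs in SAMPLES:
            kept = filter_answer(qname, addrs, pd)
            print(f"  {qname:28} -> {kept or 'stripped (no usable answer)'}")
```

The label-wise comparison is why one private-domain entry answers the wildcard question without exempting look-alike names such as notpowerdmslocal.com.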
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.